Re: [PR] ARTEMIS-5316 XOAUTH2 SASL mechanism for broker connection [activemq-artemis]

Thu, 27 Feb 2025 15:36:49 -0800 


tabish121 commented on code in PR #5535:
URL: https://github.com/apache/activemq-artemis/pull/5535#discussion_r1974488157


##########
artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/connect/AMQPBrokerConnection.java:
##########
@@ -1204,6 +1206,47 @@ public static boolean isApplicable(final NettyConnection 
connection) {
       }
    }
 
+   private static class XOAuth2SASLMechanism implements ClientSASL {
+
+      private final String userName;
+      private final String token;
+
+      public XOAuth2SASLMechanism(String userName, String token) {
+         this.userName = userName;
+         this.token = token;
+      }
+
+      @Override
+      public String getName() {
+         return XOAUTH2;
+      }
+
+      @Override
+      public byte[] getInitialResponse() {
+         String response = String.format("user=%s\u0001auth=Bearer 
%s\u0001\u0001", userName, token);
+         return response.getBytes(StandardCharsets.UTF_8);
+      }
+
+      @Override
+      public byte[] getResponse(byte[] challenge) {
+         return EMPTY;
+      }
+
+      public static boolean isApplicable(AMQPBrokerConnectConfiguration 
brokerConnectConfiguration, NettyConnection connection) {
+         Map<String, Object> params = 
connection.getConnectorConfig().getParams();
+         String amqpSaslMechanism = 
ConfigurationHelper.getStringProperty(TransportConstants.AMQP_SASL_MECHANISM, 
null, params);

Review Comment:
   This seems like something we can get from URI options and not scatter AMQP 
specific options into the netty TransportOptions bits that don't carry any 
other AMQP related constants.  I believe we already have configuration  on the 
acceptor URI for AMQP for what mechanisms the broker is allowed to offer.  This 
should be configured somewhat the same in that if you want to use XOAUTH2 then 
the connection should specify that as the only allowed option and fail if the 
remote doesn't offer it.  



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org
For additional commands, e-mail: gitbox-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact

Reply via email to